CBC News has confirmed a recent cyber-attack successfully breached a Calgary-based supplier of control systems for electrical power grids, municipal water systems, public transit operations, and most of Canada’s major oil and gas pipelines.
Sources say the incident was serious enough to spark action from Canada’s spy service, the RCMP, military intelligence, and the federal government’s special cyber response agency.
Cyber-security expert Daniel Toboc tells CBC News that computer hacking aimed at the control systems of major utilities is becoming both common and potentially among the most serious of all cyber-attacks.
“On a scale of one to 10, I’d give that an eight or nine. God forbid, we ever get a 10.”
Affected some files
The company, Telvent Canada, says the security breach of its corporate network “affected some customer files.”
The firm would not reveal whether the hackers managed to steal information that might endanger any of the country’s major utilities.
"Customers have been informed and are taking recommended actions with the support of Telvent teams," the company says.
It is also “actively working with law enforcement, security specialists and its affected customers to ensure the breach has been contained.”
The federal public safety department refused to provide details of the incident “for operational reasons,” nor would officials say whether ordinary Canadians are at risk as a result of the attacks.
“The Government of Canada takes cyber threats seriously and has measures in place to address them,” the department said in a statement.
“The Canadian Cyber Incident Response Centre is aware of this incident, and is already working with stakeholders in government and the private sector.”
Officials at Telvent and the law enforcement agencies involved in the investigation are refusing to speculate about the source of the cyber-attack.
Similar to attacks from China
But an online cyber-security news website — KrebsOnSecurity.com — cites experts saying the job bore the fingerprints of similar attacks from China.
Only a week ago, the Canadian Security Intelligence Service (CSIS) used its annual report to issue a stern warning that corporations in this country are being attacked by hackers engaged in foreign cyber-espionage.
The report said federal government computers are being hit on a daily basis.
While CSIS doesn’t single out any country by name in its report, federal documents released under the Access to Information Act in recent months show law enforcement agencies and federal officials pointing a finger at China.
One way or another, the latest attack on the Calgary high-tech company is bound to stir even more public concern and political controversy surrounding the proposed Gateway pipeline from the Alberta oilsands to the B.C. coast.
Much of the public debate around the project turns on the reliability of the pipeline, and the potential environmental impact of a major spill.
The possibility raised by the Telvent attack — that hackers could conceivably get their hands on computer codes used to control the pipeline — is bound to spark heated controversy.
The incident also won’t be helpful to the proposed takeover of Nexen, a Calgary-based oil company, by the Chinese petroleum giant CNOOC.
The Harper government still has to approve the $15.4-billion deal, and is under pressure from opposition parties and some large corporations to wring concessions out of the Chinese government as part of the deal.
Friday in the Commons, NDP MP Kennedy Stewart cited the attack on Telvent and reports pointing to a Chinese group as the possible culprits.
“In light of this, can the Conservatives tell us if national security is part of the criteria for the Nexen takeover review?”Suggest a correction